The threat of a cyber attack on operational technology (OT) – like industrial control systems (ICS) and supervisory control and data acquisition systems (SCADA) – can have serious repercussions that reach far beyond disruption to the individual business. We all depend on the reliable functioning of our critical infrastructure – and to some degree we take it for granted that it will always be there for us.
With rapid expansion of critical national infrastructure building projects around the world to cope with rapidly growing economies, it is essential that security is considered early on to ensure the successful launch, reliability and durability of new critical infrastructure for years to come.
Governments and organisations must urgently invest in new strategies to protect their new and existing OT environments. This will ensure the sustainability of progress in rapidly developing economies so that people can benefit from the development and not at any point lose access (even temporarily) to key necessities and facilities such as water, electricity, gas, other fuels, transport, communications, technology and other key services.
So what can governments and organisations do?
The four pillars of operational technology security
The first step in controlling risk is to understand an organisation’s exposure across all areas of the business and prioritise those deemed critical. Next is to establish an organisation’s level of capability in four key areas:
- Detecting anomalies, threats or incidents and knowing how quickly you can respond
- Controlling and securing the data flow between defined networks
- Controlling and managing user access to systems, and how systems can access one another
- Protecting the growing array of network endpoints, beyond PCs and mobile devices to include IoT.
As these networks are extremely complex and often use proprietary hardware, it is vital that security assessment and monitoring is conducted by security specialists who fully understand the intricacies of control networks.
NTT Security’s IT/OT Integrated Security Services are a combination of consulting and managed security services designed to spot areas of potential risk and address them effectively via continuous managed monitoring, detection, defence and response capabilities.
Click here to read our new thought leadership paper on Operational Technology.
The U.S government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure. The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May. The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.